Web-Security-Learning

A curated list of awesome Internet port and host scanners, plus related components and much more, with a focus on free and open source projects.

Burp Suite extension to discover assets from HTTP response.

The python client of 360 Netlab whois database

2019 补天厂商爬虫与数据可视化文件打包

handling 1M websockets connections in Go

更快速的进行Web应用指纹识别

web模糊测试 - 将漏洞可能性放大

梳理下自己之前写过的文章

用于辅助安全工程师漏洞挖掘、测试、复现，集合了mock、httplog、dns tools、xss，可用于测试各类无回显、无法直观判断或特定场景下的漏洞。

🚀 A simple asset discovery engine for cybersecurity. (网络资产发现引擎)

vulhub下载器，可则需下载对应环境

Web application fuzzer

An advanced guide to learn English which might benefit you a lot 🎉 . 离谱的英语学习指南/英语学习教程/英语学习/学英语

应急响应实战笔记，一个安全工程师的自我修养。

oauth2研究: 实现代码、漏洞利用、修复方案

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

dynamic crawler for web vulnerability scanner

Security Tool to Look For Interesting Files in S3 Buckets

Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform

Scripted Local Linux Enumeration & Privilege Escalation Checks

RedTeam资料收集整理

一个主要用于信息搜集的工具集，主要是用于对网站子域名、开放端口、端口指纹、c段地址、敏感目录等信息进行批量搜集。

Hands-On AWS Penetration Testing with Kali Linux published by Packt

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Socks proxy, and reverse socks server using powershell.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication